Cheat Engine

itsoqrappy

I've found in a single-player game the no-recoil address. Now I'm trying to find the no-spread address, and the problem is here: I have ~30 addresses which change synchronously when the spread increases/decreases.
I selected, freezed and set all them (the addresses) to 0, but nothing changes: the spread is still increasing/decreasing.
To figure out I didn't have from that addresses the spread address I took my recoil address, freeze and set it to 0. Then I saw nothing changed. So I unfreezed it and right-clicked on it "Find out what writes to this address"; I NOP'd recoil-opcode and from that moment I had no-recoil enabled.

Now I understood that freezing the address isn't useful in these cases, but sometimes I get more than 30 addresses (~60 too), which I can't distinguish as I already said they change synchronously.
Instead of checking them one-per-one using "Find out what writes to this address" and NOP'ing it, is there a way to NOP automatically the opcodes(functions) of multiple address automatically?

Thanks in advance.

++METHOS · Posted: Thu Mar 24, 2016 6:37 pm Post subject:

A few things...

Cheat Engine drop-down menu: Edit/General Settings: set all interval times to 1 ms. This may help with your freezing issue.

Regarding spread, sometimes there are 2 values...1 for default size of spread perimeter, based on the weapon, and one for the adjustable size of spread for when you are firing (e.g. the spread perimeter may increase in size the more that you fire). In other words, one of these values may not even change when you fire. Also, you may only need to change the default value in order to achieve the desired effect.

Also, these values can sometimes be found in the same structure as ammo, recoil etc..

And, yes, you can batch-NOP instructions, but you'll have to get those instructions for each address that you want to test. Once you check to see what is accessing the address, you can batch-NOP all instructions that populate the debugger list. I would recommend adding ALL instructions for ALL addresses to your code list and saving your table before you NOP anything. That way, depending on the target, you may not have to do so much work if/when the target crashes.

itsoqrappy · Posted: Fri Mar 25, 2016 7:22 am Post subject:

First of all, thanks for your reply.

++METHOS · Posted: Fri Mar 25, 2016 7:28 am Post subject:

Batch-NOP = NOP multiple instructions at a time.

But, as previously mentioned, you will still need to generate all of the instructions for every single address that you want to test.

Regarding the freeze issue, you can also try using speedhack to slow the process down and see if it has an affect, for testing purposes.

Regarding finding nothing in data structures...be sure to set your update interval in there, as well. Also, it helps if you create two groups that are identical (e.g. two ammo structures), then, right-click and lock one of the structures. With your update interval set to 1, you can then use the speed hack to slow the process down, fire your weapon in game, and see, in real time, the values that are actually changing inside of your structure. This will help considerably, for values that change so quickly that you may not even notice them.

itsoqrappy · Posted: Fri Mar 25, 2016 7:38 am Post subject:

++METHOS · Posted: Fri Mar 25, 2016 9:00 am Post subject:

Well, good luck then.

ParkourPenguin · Posted: Fri Mar 25, 2016 11:48 am Post subject:

To batch-NOP instructions, just take a bunch of instructions and replace their machine code bytes with 0x90 (NOP). What ++METHOS was saying was that finding those instructions is the hard part. You can either do that manually yourself, or just write a Lua script that sets breakpoints automatically and replaces instructions it finds with NOPs.

I really would recommend doing it manually since replacing the wrong instruction with NOPs could crash the game. If you try to do it automatically, then you won't have any idea what caused it to crash. You could try to make the automatic selection process better (i.e. see if an instruction accesses other addresses), but it'll never be perfect.

++METHOS · Posted: Fri Mar 25, 2016 12:37 pm Post subject:

Actually, I was just referring to highlighting multiple instructions inside the debugger window (The following opcodes accessed...), and clicking on the Replace button. Or, preferably, highlighting those same instructions and clicking on the Add to the codelist button, and from there, highlighting all instructions, right-clicking and selecting Replace all...but only after ALL possible instructions have been captured, from ALL test addresses, and the table has been saved off.

But......I got annoyed. Very Happy

Zanzer · Posted: Fri Mar 25, 2016 1:16 pm Post subject: